Sodera: Critical Packets and Information for Decryption
After two Bluetooth devices are paired and Sodera has captured data, the Frontline software requires certain packets and information for successful post-capture decryption.
The following information and packets are needed to follow decryption:
- Link Key
- Full Master BD_ADDR, Full Slave BD_ADDR
- All packets from the last authentication (master or slave) before encryption starts (LMP_au_rand and LMP_sres)
- LMP_en_rand, negotiated LMP_encryption_key_size
- LMP_start_encryption_req, LMP_accepted(LMP_start_encryption_req)
- LMP_stop_encryption_req, LMP_accepted(LMP_stop_encryption_req)
BR/EDR Secure Encryption (AES)
The following information and packets are needed to follow decryption:
- Link Key
- Full Master BD_ADDR, Full Slave BD_ADDR
- Complete mutual authentication (LMP_au_rand from the master and slave as well as LMP_sres from the master and slave)
- Negotiated LMP_encryption_key_size
- LMP_start_encryption_req, LMP_accepted(LMP_start_encryption_req)
- LMP_pause_encryption_aes_req (if pausing and resuming AES encryption)
- LMP_stop_encryption_req, LMP_accepted(LMP_stop_encryption_req)
Bluetooth low energy Encryption (AES)
The following information and packets are needed to follow decryption:
- Long-Term Key (LTK)
- LL_ENC_REQ, LL_ENC_RSP
- LL_START_ENC_REQ, LL_START_ENC_RSP
- LL_PAUSE_ENC_REQ, LL_PAUSE_ENC_RSP
Bluetooth low energy Critical Decryption Packets, Message Sequence Chart
Bluetooth low energy Critical Decryption Packets, Frame Display
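A pre-decryption check over a capture's packet list, written as an added example (not Frontline code) to show how the three lists above translate into a test for a capture that started too late. The mode keys, the `(sender, packet)` event format and the sample capture are assumptions made for the example; stop and pause packets are not checked because they only occur when encryption ends or pauses.

```python
BOTH = ("master", "slave")
START = "LMP_start_encryption_req"
# mode -> (packets required before the start request, start request, its reply).
# Packet names are spelled as in the lists above. A role tuple means every listed
# role must have sent the packet; None means either sender is enough.
MODES = {
    "first_list": ([("LMP_au_rand", None), ("LMP_sres", None), ("LMP_en_rand", None),
                    ("LMP_encryption_key_size", None)], START, f"LMP_accepted({START})"),
    "bredr_aes": ([("LMP_au_rand", BOTH), ("LMP_sres", BOTH),
                   ("LMP_encryption_key_size", None)], START, f"LMP_accepted({START})"),
    "le_aes": ([("LL_ENC_REQ", None), ("LL_ENC_RSP", None)],
               "LL_START_ENC_REQ", "LL_START_ENC_RSP"),
}

def missing_for_decryption(events, mode, have_key=True, have_addrs=True):
    """events: (sender_role, packet_name) tuples in capture order."""
    setup, start, reply = MODES[mode]
    missing = []
    if not have_key:
        missing.append("Long-Term Key (LTK)" if mode == "le_aes" else "Link Key")
    if mode != "le_aes" and not have_addrs:
        missing.append("Full Master BD_ADDR, Full Slave BD_ADDR")
    names = [name for _, name in events]
    # Setup packets only count if they were captured before encryption starts.
    start_idx = names.index(start) if start in names else len(names)
    for name, roles in setup:
        senders = {s for s, n in events[:start_idx] if n == name}
        if roles is None and not senders:
            missing.append(name)
        for role in roles or ():
            if role not in senders:
                missing.append(f"{name} from {role}")
    if start not in names:
        missing.append(start)
    if reply not in names[start_idx + 1:]:
        missing.append(reply)
    return missing

# Constructed sample: the capture missed the slave's half of the mutual
# authentication, so Secure Encryption (AES) traffic cannot be decrypted.
LATE_CAPTURE = [
    ("master", "LMP_au_rand"), ("slave", "LMP_sres"),
    ("master", "LMP_encryption_key_size"),
    ("master", START), ("slave", f"LMP_accepted({START})"),
]

if __name__ == "__main__":
    for item in missing_for_decryption(LATE_CAPTURE, "bredr_aes"):
        print("missing:", item)
```

An empty result means every item the page lists for that mode is present ahead of the encrypted traffic.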